Oct 15
Top Secret/SCI
Mid Level Career (5+ yrs experience)
No Traveling
IT - Security
Remote/Hybrid•Silver Spring, MD (Off-Site/Hybrid)
Position Description:
The Information Security Specialist III supports the National Oceanic and Atmospheric Administration (NOAA) Internal Risk Management Program (IRMP), providing advanced technical, analytical, and programmatic expertise in the prevention, detection, and mitigation of insider threats. This key personnel position executes and advances NOAA’s IRMP objectives in compliance with federal security regulations, most notably Executive Order 13587, National Insider Threat Policy, NIST, FISMA, NSPM-33, and agency-specific guidance. The Information Security Specialist III collaborates with OCIO leadership, the Internal Risk Office, NOAA research teams, and interagency insider threat task forces to strengthen the security posture of NOAA’s classified and unclassified environments.
Location: Hybrid (Silver Spring, MD)
Clearance: Active TS/SCI
Responsibilities and/or Success Factors: Information Security Program Development and Implementation
Lead the development and implementation of comprehensive information security policies, procedures, and protocols for insider threat detection and mitigation
Design and establish security frameworks that integrate physical security, personnel security, cybersecurity, and information assurance functions
Develop research security protocols in compliance with NSPM-33 to protect sensitive NOAA research activities from internal and external threats
Create and maintain security guidelines for handling classified national security information (CNSI) and controlled unclassified information (CUI) Risk Assessment and Analysis
Conduct comprehensive risk assessments of NOAA's information systems, networks, and data repositories
Analyze security vulnerabilities and develop mitigation strategies for identified risks
Evaluate and assess compliance with federal security standards including FISMA, NIST frameworks, and DoD cybersecurity requirements
Perform security impact assessments for new systems, applications, and processes Security Data Integration and Monitoring
Consolidate and analyze security data from multiple internal and external sources to identify potential insider threats
Design and implement data integration systems that provide real-time monitoring and actionable insights to leadership
Develop and maintain insider threat detection systems and behavioral monitoring capabilities
Ensure ethical data collection and analysis practices that comply with privacy regulations and civil liberties requirements Incident Response and Investigation
Coordinate incident response activities for suspected insider threat cases and security breaches
Conduct thorough investigations of security incidents involving classified systems and sensitive information
Document incident response actions and develop lessons learned for continuous program improvement
Collaborate with law enforcement agencies and external partners on complex security investigations Compliance and Audit Management
Ensure compliance with federal security regulations including Executive Order 13587, NSPM-33, FISMA, and NIST standards
Conduct regular security compliance audits and assessments
Prepare detailed compliance reports and corrective action plans for identified gaps
Maintain documentation for security authorization and accreditation processes Training and Awareness Program Support
Develop technical training materials and awareness programs focused on insider threat identification and mitigation
Provide expert consultation on security best practices and threat scenarios
Support the delivery of security training sessions for NOAA personnel, contractors, and uniformed services
Create technical resources and job aids for security awareness initiatives Stakeholder Collaboration and Communication
Serve as technical liaison with internal NOAA teams including the Cybersecurity Division and Human Resources
Communicate complex technical security concepts to non-technical stakeholders
Provide expert technical guidance to program leadership and government officials Policy Development and Documentation
Develop and maintain comprehensive security policies and standard operating procedures (SOPs)
Create technical documentation for security systems, processes, and procedures
Review and update security policies to ensure alignment with evolving threats and regulatory requirements
Contribute to the development of security guidelines and best practice documentation
Minimum Qualifications Including Certificates:
Must be a U.S. Citizen
Active Top Secret security clearance with SCI eligibility (required before contract start)
Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related STEM field from an accredited college or university
Five (5) years of experience in information security, cybersecurity, or related field
Five (5) years of experience in insider threat detection, behavioral analysis, or risk management
Experience with federal compliance frameworks including FISMA, NIST Cybersecurity Framework, and Risk Management Framework (RMF)
Knowledge of classified information handling procedures and National Industrial Security Program Operating Manual (NISPOM) requirements
Experience with security incident response and investigation methodologies
Demonstrated experience with security data analysis and threat intelligence platforms
Strong analytical and problem-solving skills with attention to detail
Excellent written and verbal communication skills
Desired Qualifications:
Experience with NOAA or other federal agency cybersecurity programs
Professional security certifications (CISSP, CISM, GIAC, or equivalent)
Experience with behavioral analytics and insider threat detection tools
Knowledge of NSPM-33 research security requirements
Familiarity with NIST Special Publications (SP 800 series) and federal cybersecurity guidance
Experience with Security Information and Event Management (SIEM) systems
Knowledge of machine learning and artificial intelligence applications in cybersecurity
Experience with cloud security frameworks and technologies
Understanding of privacy protection principles and compliance requirements
The Information Security Specialist III supports the National Oceanic and Atmospheric Administration (NOAA) Internal Risk Management Program (IRMP), providing advanced technical, analytical, and programmatic expertise in the prevention, detection, and mitigation of insider threats. This key personnel position executes and advances NOAA’s IRMP objectives in compliance with federal security regulations, most notably Executive Order 13587, National Insider Threat Policy, NIST, FISMA, NSPM-33, and agency-specific guidance. The Information Security Specialist III collaborates with OCIO leadership, the Internal Risk Office, NOAA research teams, and interagency insider threat task forces to strengthen the security posture of NOAA’s classified and unclassified environments.
Location: Hybrid (Silver Spring, MD)
Clearance: Active TS/SCI
Responsibilities and/or Success Factors: Information Security Program Development and Implementation
Lead the development and implementation of comprehensive information security policies, procedures, and protocols for insider threat detection and mitigation
Design and establish security frameworks that integrate physical security, personnel security, cybersecurity, and information assurance functions
Develop research security protocols in compliance with NSPM-33 to protect sensitive NOAA research activities from internal and external threats
Create and maintain security guidelines for handling classified national security information (CNSI) and controlled unclassified information (CUI) Risk Assessment and Analysis
Conduct comprehensive risk assessments of NOAA's information systems, networks, and data repositories
Analyze security vulnerabilities and develop mitigation strategies for identified risks
Evaluate and assess compliance with federal security standards including FISMA, NIST frameworks, and DoD cybersecurity requirements
Perform security impact assessments for new systems, applications, and processes Security Data Integration and Monitoring
Consolidate and analyze security data from multiple internal and external sources to identify potential insider threats
Design and implement data integration systems that provide real-time monitoring and actionable insights to leadership
Develop and maintain insider threat detection systems and behavioral monitoring capabilities
Ensure ethical data collection and analysis practices that comply with privacy regulations and civil liberties requirements Incident Response and Investigation
Coordinate incident response activities for suspected insider threat cases and security breaches
Conduct thorough investigations of security incidents involving classified systems and sensitive information
Document incident response actions and develop lessons learned for continuous program improvement
Collaborate with law enforcement agencies and external partners on complex security investigations Compliance and Audit Management
Ensure compliance with federal security regulations including Executive Order 13587, NSPM-33, FISMA, and NIST standards
Conduct regular security compliance audits and assessments
Prepare detailed compliance reports and corrective action plans for identified gaps
Maintain documentation for security authorization and accreditation processes Training and Awareness Program Support
Develop technical training materials and awareness programs focused on insider threat identification and mitigation
Provide expert consultation on security best practices and threat scenarios
Support the delivery of security training sessions for NOAA personnel, contractors, and uniformed services
Create technical resources and job aids for security awareness initiatives Stakeholder Collaboration and Communication
Serve as technical liaison with internal NOAA teams including the Cybersecurity Division and Human Resources
Communicate complex technical security concepts to non-technical stakeholders
Provide expert technical guidance to program leadership and government officials Policy Development and Documentation
Develop and maintain comprehensive security policies and standard operating procedures (SOPs)
Create technical documentation for security systems, processes, and procedures
Review and update security policies to ensure alignment with evolving threats and regulatory requirements
Contribute to the development of security guidelines and best practice documentation
Minimum Qualifications Including Certificates:
Must be a U.S. Citizen
Active Top Secret security clearance with SCI eligibility (required before contract start)
Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related STEM field from an accredited college or university
Five (5) years of experience in information security, cybersecurity, or related field
Five (5) years of experience in insider threat detection, behavioral analysis, or risk management
Experience with federal compliance frameworks including FISMA, NIST Cybersecurity Framework, and Risk Management Framework (RMF)
Knowledge of classified information handling procedures and National Industrial Security Program Operating Manual (NISPOM) requirements
Experience with security incident response and investigation methodologies
Demonstrated experience with security data analysis and threat intelligence platforms
Strong analytical and problem-solving skills with attention to detail
Excellent written and verbal communication skills
Desired Qualifications:
Experience with NOAA or other federal agency cybersecurity programs
Professional security certifications (CISSP, CISM, GIAC, or equivalent)
Experience with behavioral analytics and insider threat detection tools
Knowledge of NSPM-33 research security requirements
Familiarity with NIST Special Publications (SP 800 series) and federal cybersecurity guidance
Experience with Security Information and Event Management (SIEM) systems
Knowledge of machine learning and artificial intelligence applications in cybersecurity
Experience with cloud security frameworks and technologies
Understanding of privacy protection principles and compliance requirements
group id: 91131482
